RedHat security
From: Yuan Liu (yliu@stemnet.nf.ca)Date: 06/14/02
- Next message: Billy O'Connor: "Re: RedHat security"
- Previous message: kmv_dev@yahoo.com: "Re: Problem with linux-wlan-ng WEP"
- Next in thread: Billy O'Connor: "Re: RedHat security"
- Reply: Billy O'Connor: "Re: RedHat security"
- Reply: Nada Lada: "Re: RedHat security"
- Reply: Rex Dieter: "Re: RedHat security"
- Reply: Nico Kadel-Garcia: "Re: RedHat security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Yuan Liu <yliu@stemnet.nf.ca> Date: Fri, 14 Jun 2002 05:21:13 GMT
Nearly every time I set up a RedHat distribution (starting from 6.0)
anywhere, I find myself asking the same questions. That's why I don't
usually dare to install RH if its my own system. Generally I'm quite
confused about its philosophy. Hope someone can shed a light on these.
1. If someone is physically at the console, he gets total control.
- No logon for single user stage. I know several commercial Unises (or
maybe all of them) behave the same. Guess the main reason is for
password resetting. But Linux can easily be booted using a floppy, so
if it is truly needed, you can always do this with a rescue disk.
Though the end result looks the same, the added difficulty provides some
deterrence, IMO.
- Anyone, any user can reboot the system. I don't know of another *nix
doing this and this scares me. I'm on RedHat 7.3 and I don't even have
to be on a text console; even if I'm in an X-console, I can still do as
an unprivileged user
$ reboot
and send all users to hell. Haven't tested this from a remote session,
so I group it here. If it also allows any user to do this remotely,
this is hell proper. Not to mention that the default logon menu has
this "Reboot" option, just like Windows.
2. Anyone can mount/umount a floppy or CD by default. Shouldn't the
default be not able to, then allow the admin to grant privilege? And
what's wrong with keeping it tight with sudo and stuff?
3. Anyone can run, sigh, even grub. Does this scare someone other than
myself?
RH used to have a slew of networking defaults that were not security
minded. It seems that they are attacking on them over releases. But
these privilege related things are also essential. Looking at what an
ordinary user can do in RH makes a full blown virus attack into my
dreams - nightmare, is this what such a dream is called? The above are
just a few that bothered me most recently. What do you people think?
Maybe we should start a log or something.
Yuan Liu
- Next message: Billy O'Connor: "Re: RedHat security"
- Previous message: kmv_dev@yahoo.com: "Re: Problem with linux-wlan-ng WEP"
- Next in thread: Billy O'Connor: "Re: RedHat security"
- Reply: Billy O'Connor: "Re: RedHat security"
- Reply: Nada Lada: "Re: RedHat security"
- Reply: Rex Dieter: "Re: RedHat security"
- Reply: Nico Kadel-Garcia: "Re: RedHat security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
